Allow to delete passwords on public links when password is enforced but permission is set

packages/web-app-files/src/components/SideBar/Shares/FileLinks.vue

@@ -25,6 +25,7 @@
         :is-folder-share="resource.isFolder"
         :is-modifiable="canEditLink(quicklink)"
         :is-password-enforced="isPasswordEnforcedFor(quicklink)"
+        :is-password-removable="canDeletePublicLinkPassword(quicklink)"
         :link="quicklink"
         @update-link="checkLinkToUpdate"
         @remove-public-link="deleteLinkConfirmation"
@@ -57,6 +58,7 @@
           :is-folder-share="resource.isFolder"
           :is-modifiable="canEditLink(link)"
           :is-password-enforced="isPasswordEnforcedFor(link)"
+          :is-password-removable="canDeletePublicLinkPassword(link)"
           :link="link"
           @update-link="checkLinkToUpdate"
           @remove-public-link="deleteLinkConfirmation"
@@ -185,6 +187,11 @@ export default defineComponent({
         })
     )
     const canCreatePublicLinks = computed(() => can('create-all', 'PublicLink'))
+
+    const canDeleteReadOnlyPublicLinkPassword = computed(() =>
+      can('delete-all', 'ReadOnlyPublicLinkPassword')
+    )
+
     const canCreateLinks = computed(() => {
       if (unref(resource).isReceivedShare() && !unref(hasResharing)) {
         return false
@@ -225,6 +232,7 @@ export default defineComponent({
       directLinks,
       indirectLinks,
       canCreatePublicLinks,
+      canDeleteReadOnlyPublicLinkPassword,
       configurationManager,
       passwordPolicyService,
       canCreateLinks,
@@ -389,6 +397,21 @@ export default defineComponent({
       )
     },
 
+    canDeletePublicLinkPassword(link) {
+      const isFolder = link.indirect || this.resource.isFolder
+      const isPasswordEnforced = this.isPasswordEnforcedFor(link)
+
+      if (!isPasswordEnforced) {
+        return true
+      }
+
+      const currentRole = LinkShareRoles.getByBitmask(parseInt(link.permissions), isFolder)
+
+      return (
+        currentRole.name === linkRoleViewerFolder.name && this.canDeleteReadOnlyPublicLinkPassword
+      )
+    },
+
     addNewLink() {
       this.checkLinkToCreate({
         link: {
@@ -422,7 +445,7 @@ export default defineComponent({
     checkLinkToUpdate({ link }) {
       const params = this.getParamsForLink(link)
 
-      if (!link.password && this.isPasswordEnforcedFor(link)) {
+      if (!link.password && !this.canDeletePublicLinkPassword(link)) {
         showQuickLinkPasswordModal(
           {
             ...this.$language,
@@ -626,6 +649,7 @@ export default defineComponent({
 #oc-files-sharing-sidebar {
   border-radius: 5px;
 }
+
 .link-name-container {
   background-color: var(--oc-color-input-bg);
   border: 1px solid var(--oc-color-input-border);

packages/web-app-files/src/components/SideBar/Shares/Links/DetailsAndEdit.vue

@@ -228,6 +228,10 @@ export default defineComponent({
       type: Boolean,
       default: false
     },
+    isPasswordRemovable: {
+      type: Boolean,
+      default: false
+    },
     link: {
       type: Object,
       required: true
@@ -323,7 +327,7 @@ export default defineComponent({
           method: this.showPasswordModal
         })
 
-        if (!this.isPasswordEnforced) {
+        if (this.isPasswordRemovable) {
           result.push({
             id: 'remove-password',
             title: this.$gettext('Remove password'),
@@ -338,7 +342,7 @@ export default defineComponent({
           })
         }
       }
-      if (!this.isPasswordEnforced && !this.link.password && !this.isAliasLink) {
+      if (!this.link.password && !this.isAliasLink) {
         result.push({
           id: 'add-password',
           title: this.$gettext('Add password'),

packages/web-client/src/helpers/resource/types.ts

@@ -22,6 +22,7 @@ export type AbilitySubjects =
   | 'Language'
   | 'Logo'
   | 'PublicLink'
+  | 'ReadOnlyPublicLinkPassword'
   | 'Role'
   | 'Setting'
 

packages/web-pkg/src/quickActions.ts

@@ -81,15 +81,20 @@ export default {
       if (passwordEnforced) {
         return showQuickLinkPasswordModal(
           { store, $gettext: language.$gettext, passwordPolicyService },
-          async (password) => {
-            await copyQuicklink({
-              ability,
-              clientService,
-              language,
-              password,
-              resource: item,
-              store
-            })
+          async (password: string) => {
+            try {
+              await copyQuicklink({
+                ability,
+                clientService,
+                language,
+                password,
+                resource: item,
+                store
+              })
+              store.dispatch('hideModal')
+            } catch (e) {
+              console.error(e)
+            }
           }
         )
       }

packages/web-runtime/src/services/auth/abilities.ts

@@ -23,6 +23,9 @@ export const getAbilities = (
     ],
     'Logo.Write.all': [{ action: 'update-all', subject: 'Logo' }],
     'PublicLink.Write.all': [{ action: 'create-all', subject: 'PublicLink' }],
+    'ReadOnlyPublicLinkPassword.Delete.all': [
+      { action: 'delete-all', subject: 'ReadOnlyPublicLinkPassword' }
+    ],
     'Roles.ReadWrite.all': [
       { action: 'create-all', subject: 'Role' },
       { action: 'delete-all', subject: 'Role' },